]> git.ipfire.org Git - thirdparty/hostap.git/commitdiff
projects / thirdparty / hostap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 712525b)
atheros: Fix hapd_deinit() handler with generic IEs set
authorAshok Kumar Ponnaiah <aponnaia@qti.qualcomm.com>
Wed, 14 Oct 2015 13:01:30 +0000 (16:01 +0300)
committerJouni Malinen <j@w1.fi>
Wed, 14 Oct 2015 15:43:26 +0000 (18:43 +0300)
atheros_set_opt_ie() needs to be called before freeing drv->wpa_ie to
avoid hitting double-free on the deinit path. Similarly,
drv->wps_beacon_ie and drv->wps_probe_resp_ie could have been used after
being freed. Fix these be moving the atheros_set_opt_ie() call in
atheros_deinit().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
src/drivers/driver_atheros.c patch | blob | blame | history

diff --git a/src/drivers/driver_atheros.c b/src/drivers/driver_atheros.c
index dbc15037656c8ac6fc49e58a3fa6860e25c5525d..b786ad2a2a35de76e6bf817cfa99b5cdf8d90d39 100644 (file)
--- a/src/drivers/driver_atheros.c
+++ b/src/drivers/driver_atheros.c
@@ -1704,10 +1704,10 @@ atheros_deinit(void *priv)
        atheros_reset_appfilter(drv);
 
        if (drv->wpa_ie || drv->wps_beacon_ie || drv->wps_probe_resp_ie) {
+               atheros_set_opt_ie(priv, NULL, 0);
                wpabuf_free(drv->wpa_ie);
                wpabuf_free(drv->wps_beacon_ie);
                wpabuf_free(drv->wps_probe_resp_ie);
-               atheros_set_opt_ie(priv, NULL, 0);
        }
        netlink_deinit(drv->netlink);
        (void) linux_set_iface_flags(drv->ioctl_sock, drv->iface, 0);
Unnamed repository; edit this file 'description' to name the repository.